Posted to users@tapestry.apache.org by "T. Papke" <de...@thopap.de> on 2008/03/28 17:48:01 UTC
ACEGI Problem with anonymous
Hello,
I use Tapestry 5 (5.0.11) with acegi (tapestry-acegi 1.0.3).
The following code snippet should explain my problem:
@Secured("ROLE_USER")
public class OrderConfirm {
    ....
    public void pageLoaded(){
        log.debug("creating order");
        log.debug("Authenticated isAuthenticated: "+SecurityContextHolder.getContext().getAuthentication().isAuthenticated());
        log.debug("Authenticated getPrincipal: "+SecurityContextHolder.getContext().getAuthentication().getPrincipal());
        ....
    }
    ....
}
If I navigate to that page (not logged in), the pageLoaded() method is
already invoked before login (OK, a known todo of tapestry-acegi: "Secured
class still allows access to action methods"). So my workaround idea here
was to use
"SecurityContextHolder.getContext().getAuthentication().isAuthenticated()"
to check if the user is authenticated. But the method returns "true" - but
this was before I was logged in:
DEBUG - Authenticated isAuthenticated: true
DEBUG - Authenticated getPrincipal: anonymous
Does anyone have an idea why isAuthenticated() returns true?
An "anonymous" user should be a non-authenticated user? Does anyone have a workaround?
Thank you,
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
RE: ACEGI Problem with anonymous
Posted by Jonathan Barker <jo...@gmail.com>.
Thomas,
In the SecurityModule in tapestry5-acegi, in the contributeProviderManager()
method, there is the line:
    configuration.add("anonymousAuthenticationProvider", anonymousAuthenticationProvider);
So, by default, according to the Acegi docs:

    "AnonymousProcessingFilter, so that if no earlier authentication
    processing mechanism updated the SecurityContextHolder, an anonymous
    Authentication object will be put there"

You could rebuild tapestry5-acegi from source (which is easy - I did it)
commenting out the line above, or you can combine Acegi with a little
"old-school" Tapestry - checking for some property in an ASO that is only
set after successful authentication, or look to see the type of the
Principal (checking for AnonymousAuthenticationToken - I think).
Jonathan
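
The token-type check suggested in the reply above, written out as an added example (it is not code from this thread or from tapestry5-acegi). It assumes Acegi 1.0.x on the classpath; the class LoginCheck and its methods isLoggedIn() and hasRole() are hypothetical names.

```java
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;

/** Hypothetical helper (not part of tapestry5-acegi): fail-closed login checks. */
public final class LoginCheck {

    private LoginCheck() {}

    /** True only when the current token is authenticated AND not anonymous. */
    public static boolean isLoggedIn() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            return false; // no filter populated the security context
        }
        if (auth instanceof AnonymousAuthenticationToken) {
            // Placed by AnonymousProcessingFilter; isAuthenticated() is true
            // for it, so it has to be excluded by type.
            return false;
        }
        return auth.isAuthenticated();
    }

    /** True only for a logged-in user holding the given role, e.g. "ROLE_USER". */
    public static boolean hasRole(String role) {
        if (role == null || !isLoggedIn()) {
            return false;
        }
        GrantedAuthority[] granted =
                SecurityContextHolder.getContext().getAuthentication().getAuthorities();
        if (granted == null) {
            return false;
        }
        for (int i = 0; i < granted.length; i++) {
            if (role.equals(granted[i].getAuthority())) {
                return true;
            }
        }
        return false;
    }
}

// Usage inside a page method that @Secured does not yet protect:
//     if (!LoginCheck.hasRole("ROLE_USER")) { return; } // skip side effects
```

The guard returns before any side effect (such as creating the order) when the request carries only the anonymous token, so the page method no longer depends on isAuthenticated() alone.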